♡ Chaotic ♡ May 21, 2023, 6:29 PM
Some Punt with a hard CUH at the start, hacked my Steam Account and was emptying my inventory
Account got hacked, or something of the sorts about 30 minutes ago.

Was reading some Manga on my phone when i got a notification through steam guard that something was listed, thought that was strange given i'm not even at my Computer. Clicked on the notification, got the "There is nothing you need to confirm" Strange, then emails just start spamming my phone as my inventory was being sold, by the time i got my password to finally change over 123 emails had been received (Although market history shows around 250 results for stuff listed today)

I have no idea how they got into my account to begin with, as far as i know i haven't given out account information to anyone, i have 2 fac set up so any attempt to login would tell me anyway (Which typically leads to a password change) i haven't been "phished" or anything (Had been once like 2 years ago? Where i clicked the link that was sent by a friend and immediately had 2 fac disabled, password changed, friends deleted etc etc) I don't know how they bypassed the 2 fac either with Market stuff, as normally you have to manually approve each listing (I'm assuming they just have a bot do it).

Question is, will support be able to help recover anything? Or am i stuck using the disgustingly low value wallet funds i got from it to attempt buying back my stuff item by item?
Showing 16-30 of 30 comments
Muppet among Puppets May 21, 2023, 9:05 PM
Someone got account name, password and/or several codes,
or
a logged in browser session cookie was stolen.

This could be done by you, someone with access or malware.

Steam does not hand out codes (or passwords). So by using 2fa you know it's one of those.
May 21, 2023, 9:10 PM
Originally posted by Muppet among Puppets:
Someone got account name, password and/or several codes,
or
a logged in browser session cookie was stolen.

This could be done by you, someone with access or malware.

Steam does not hand out codes (or passwords). So by using 2fa you know it's one of those.
Willing to bet it was the fake steam card code scam going around. It's been pretty successful lately.

"Catch, here's $50" suddenly you're signing into a fake website and they've got your personal info.
Nx Machina May 21, 2023, 10:54 PM
Originally posted by ♡ Chaotic ♡:
Except i haven't? That's my problem. 3rd time someone has mentioned it and it's been wrong each time. Don't know what 3rd party scam sites y'all are on about given the only 3rd party stuff i've used is the apps mentioned above for Destiny 2 (Being DIM, Light.gg and D2armorpicker)

The ones you removed after clearing your profile name history.

Secondly someone would have to guess your account name with millions of possible combinations. Next they would have to guess your password with millions of possible combinations to match with your account name.

The reality is you gave them both whether by logging into a known scam site or having tailored malware on your PC.

Having both your account name and password they would then need to guess the Steam Guard Mobile code which changes every 30 seconds, when in fact you also provided that and in turn they created an api key to control your account.
♡ Chaotic ♡ May 21, 2023, 11:25 PM
Originally posted by Nx Machina:
Originally posted by ♡ Chaotic ♡:
Except i haven't? That's my problem. 3rd time someone has mentioned it and it's been wrong each time. Don't know what 3rd party scam sites y'all are on about given the only 3rd party stuff i've used is the apps mentioned above for Destiny 2 (Being DIM, Light.gg and D2armorpicker)

The ones you removed after clearing your profile name history.

Secondly someone would have to guess your account name with millions of possible combinations. Next they would have to guess your password with millions of possible combinations to match with your account name.

The reality is you gave them both whether by logging into a known scam site or having tailored malware on your PC.

Having both your account name and password they would then need to guess the Steam Guard Mobile code which changes every 30 seconds, when in fact you also provided that and in turn they created an api key to control your account.

The ones that were removed because people like you are blaming them when they aren't the cause. Because they are literally from 2014/2015 when i first played CS. Literally none of those sites even exist anymore afaik and definitely would not have had access to my account as literally all of my account details have changed 2-3 times SINCE that period of time. I'm sick of repeating myself because people either can't read or instead of having actual answers to the question would rather waste both of our time in blaming me as if it's my fault when no faultable action has occurred.

And no. I never provided them a steam api key or even had 2 fac authentication back then. Because it wasn't required and afaik, i didn't even have 2 fac until 2016 - 2017 if not later. Would have gotten it when they made it the fastest way to do market stuff (due to the 14 day hold at the time). Again. It was not because of those 3rd party sites.

All you're doing is going "Hey that Malware you got 7 years ago 3 computers ago, yeah that was the issue" like no. Its not the case here. Any information those sites had is so outdated they wouldn't even be able to get into the email i used in 2014. Let alone my current details.

Edit: With all due respect, if you are ACTUALLY trying to help, i appreciate that, but atm it's just accusing me of a crime i never committed. This isn't a "Mr smart gamer catches the hacker with 17 VAC bans complaining about being banned for hacking" If i had ACTUALLY clicked on a link that was a scam like a dumbass (Like i did 2 years ago and never made a post) or if i had gone to some very questionable 3rd party sites, then i never would have made the post, because the reason it happened is obvious, like, i'm not completely inept. I don't make a post like this to bait people or waste time.

In this case, i literally haven't even been on my PC that much over the past month or so and i don't use and haven't used anything 3rd party aside from Destiny Item Manager, D2ArmorPicker or Light.GG since i was 14-15 (Which i have changed passwords semi frequently since, email has been changed twice, 2 fac has changed at least 2 devices, 3-4 at most each with new codes) so its highly unlikely to me that would be the culprit here, and, at the end of the day, i care less about "How" it happened and more so "Will steam support even help" / "Can i get my ♥♥♥♥ back" or am i on my own and just have to hand steam my credit card details once again, to re-purchase what was lost. I can change my passwords, double check my 2 fac and force it to log out all currently authorised devices, i can double check that steam api is empty etc etc to try and prevent any further breaches but none of that helps get my stuff back. Ultimately, if i have to buy my stuff back, so be it, but if support can help me get it back that would be preferred hence the reason i posted in the first place.
Last edited by ♡ Chaotic ♡; May 21, 2023, 11:56 PM
♡ Chaotic ♡ May 21, 2023, 11:30 PM
Originally posted by Muppet among Puppets:
Someone got account name, password and/or several codes,
or
a logged in browser session cookie was stolen.

This could be done by you, someone with access or malware.

Steam does not hand out codes (or passwords). So by using 2fa you know it's one of those.

The only thought is maybe a back-up code? But even then i don't know how they would get that, and i'm not even sure if using a backup code bypasses the notification of the login. Because i never knew someone was logged into my account. The first activity my app flagged was the stuff being put up for sale on the market so i'm not too sure.
♡ Chaotic ♡ May 21, 2023, 11:34 PM
Originally posted by Stabra Kedabra Alakablam:
Originally posted by Muppet among Puppets:
Someone got account name, password and/or several codes,
or
a logged in browser session cookie was stolen.

This could be done by you, someone with access or malware.

Steam does not hand out codes (or passwords). So by using 2fa you know it's one of those.
Willing to bet it was the fake steam card code scam going around. It's been pretty successful lately.

"Catch, here's $50" suddenly you're signing into a fake website and they've got your personal info.

Not for me, dunno what you'd describe as "lately" but i've barely been on my PC as of late. I'm not as broke as i was as a kid so trying to find a special "this steam wallet code generator works" isn't something i've been privy to myself.

Last one i saw/knew about was a discord based one, actually seemed legit cause well, didn't have my glasses on and it was just saying Steam and Discord are running a thing for 1 month of that uhhh Discord prime? Nitro? whatever its called seemed legit and was sent by a trusted friend and then that one auto changed my password and details. But that was like, instant, it also disabled 2 fac entirely. But i don't think i've been hit by the steam give card one, can't speak for old mate who said he got hit as well
Last edited by ♡ Chaotic ♡; May 21, 2023, 11:35 PM
Nx Machina May 22, 2023, 12:03 AM
Originally posted by ♡ Chaotic ♡:
The ones that were removed because people like you are blaming them when they aren't the cause. Because they are literally from 2014/2015 when i first played CS. Literally none of those sites even exist anymore afaik and definitely would not have had access to my account as literally all of my account details have changed 2-3 times SINCE that period of time. I'm sick of repeating myself because people either can't read or instead of having actual answers to the question would rather waste both of our time in blaming me as if it's my fault when no faultable action has occurred.

And no. I never provided them a steam api key or even had 2 fac authentication back then. Because it wasn't required and afaik, i didn't even have 2 fac until 2016 - 2017 if not later. Would have gotten it when they made it the fastest way to do market stuff (due to the 14 day hold at the time). Again. It was not because of those 3rd party sites.

All you're doing is going "Hey that Malware you got 7 years ago 3 computers ago, yeah that was the issue" like no. Its not the case here. Any information those sites had is so outdated they wouldn't even be able to get into the email i used in 2014. Let alone my current details.

Edit: With all due respect, if you are ACTUALLY trying to help, i appreciate that, but atm it's just accusing me of a crime i never committed. This isn't a "Mr smart gamer catches the hacker with 17 VAC bans complaining about being banned for hacking" If i had ACTUALLY clicked on a link that was a scam like a dumbass (Like i did 2 years ago and never made a post) or if i had gone to some very questionable 3rd party sites, then i never would have made the post, because the reason it happened is obvious, like, i'm not completely inept. I don't make a post like this to bait people or waste time.

In this case, i literally haven't even been on my PC that much over the past month or so and i don't use and haven't used anything 3rd party aside from Destiny Item Manager, D2ArmorPicker or Light.GG since i was 14-15 (Which i have changed passwords semi frequently since, email has been changed twice, 2 fac has changed at least 2 devices, 3-4 at most each with new codes) so its highly unlikely to me that would be the culprit here, and, at the end of the day, i care less about "How" it happened and more so "Will steam support even help" / "Can i get my ♥♥♥♥ back" or am i on my own and just have to hand steam my credit card details once again, to re-purchase what was lost. I can change my passwords, double check my 2 fac and force it to log out all currently authorised devices, i can double check that steam api is empty etc etc to try and prevent any further breaches but none of that helps get my stuff back. Ultimately, if i have to buy my stuff back, so be it, but if support can help me get it back that would be preferred hence the reason i posted in the first place.

All those sites are known scam sites.

As for getting your items back.

https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

Secondly you are responsible for the security of your account.

https://store.steampowered.com/subscriber_agreement

C. Your Account (snipped)

You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.

You are responsible for the confidentiality of your login and password and for the security of your computer system.

Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.

Unless it results from Valve’s negligence or fault, Valve is not responsible for the use of your Account by a person who fraudulently used your login and password without your permission. If you believe that the confidentiality of your login and/or password may have been compromised, you must notify Valve via the support form (https://support.steampowered.com/newticket.php) without any delay.

And finally in 18+ years on Steam I have never lost access to my account and that includes before Steam Guard Email, Steam Guard Mobile existed, because i have never used those sites, nor do i use torrents etc.
Last edited by Nx Machina; May 22, 2023, 12:07 AM
♡ Chaotic ♡ May 22, 2023, 12:12 AM
Originally posted by Nx Machina:

All those sites are known scam sites.

Secondly you are responsible for the security of your account.

https://store.steampowered.com/subscriber_agreement

C. Your Account (snipped)

You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.

You are responsible for the confidentiality of your login and password and for the security of your computer system.

Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.

Unless it results from Valve’s negligence or fault, Valve is not responsible for the use of your Account by a person who fraudulently used your login and password without your permission. If you believe that the confidentiality of your login and/or password may have been compromised, you must notify Valve via the support form (https://support.steampowered.com/newticket.php) without any delay.

And finally in 18+ years on Steam I have never lost access to my account and that includes before Steam Guard Email, Steam Guard Mobile existed.

Which for the 14th time are from 2014 - 2015 and have not been used since (As i played CS for less than 100 hours, lost my ♥♥♥♥ on those websites so i gave up thankfully) and afaik literally none of them even exist anymore, so being "Known scam sites" is irrelevant at this point. If it was the case of i'd used them in the past month, okay maybe you'd have a point, but it's literally 6-7 years ago where all of my account info has changed multiple times between then and now

I'm aware that i'm responsible for my own account security. But if anything, it kinda is Valve's fault here, Someone managed to get into my account bypassing Valve's 2 factor authentication entirely, before selling ♥♥♥♥ from my inventory (Again, bypassing Valve's 2 fac which was active the entire time)

" in 18+ years on Steam I have never lost access to my account and that includes before Steam Guard Email, Steam Guard Mobile existed." Okay congrats man, good for you. Hope it stays that way.
Nx Machina May 22, 2023, 12:20 AM
Originally posted by ♡ Chaotic ♡:
Which for the 14th time are from 2014 - 2015 and have not been used since (As i played CS for less than 100 hours, lost my ♥♥♥♥ on those websites so i gave up thankfully) and afaik literally none of them even exist anymore, so being "Known scam sites" is irrelevant at this point. If it was the case of i'd used them in the past month, okay maybe you'd have a point, but it's literally 6-7 years ago where all of my account info has changed multiple times between then and now

I'm aware that i'm responsible for my own account security. But if anything, it kinda is Valve's fault here, Someone managed to get into my account bypassing Valve's 2 factor authentication entirely, before selling ♥♥♥♥ from my inventory (Again, bypassing Valve's 2 fac which was active the entire time)

" in 18+ years on Steam I have never lost access to my account and that includes before Steam Guard Email, Steam Guard Mobile existed." Okay congrats man, good for you. Hope it stays that way.

Nope, you gave away ALL your account details including the Steam Guard Mobile code because it requires YOUR interaction.

Feel free to guess my account name, password and the Steam Guard Mobile code, the key to the door.

Note: you need my finger to unlock my phone and to unlock Steam Guard Mobile.
Last edited by Nx Machina; May 22, 2023, 12:22 AM
Muppet among Puppets May 22, 2023, 1:06 AM
Originally posted by ♡ Chaotic ♡:
Originally posted by Muppet among Puppets:
Someone got account name, password and/or several codes,
or
a logged in browser session cookie was stolen.

This could be done by you, someone with access or malware.

Steam does not hand out codes (or passwords). So by using 2fa you know it's one of those.

The only thought is maybe a back-up code? But even then i don't know how they would get that, and i'm not even sure if using a backup code bypasses the notification of the login. Because i never knew someone was logged into my account. The first activity my app flagged was the stuff being put up for sale on the market so i'm not too sure.
There must have been one of these i mentioned,
or your account was hijacked for a long time.

A backup code would work too, but i assume when you get a notification at login, you would have gotten one of those, before he entered the backup code.

You would not get a notification EXTRA, if you expect one, but you are facing a phishing page.
♡ Chaotic ♡ May 22, 2023, 1:09 AM
Originally posted by Muppet among Puppets:

There must have been one of these i mentioned,
or your account was hijacked for a long time.

A backup code would work too, but i assume when you get a notification at login, you would have gotten one of those, before he entered the backup code.

You would not get a notification EXTRA, if you expect one, but you are facing a phishing page.

Yeah well, that is seeming to be the likely situation in that its been "Hijacked" for a long time, because yeah there was never any notifications for the login or anything of the sort so not really sure how'd they bypass it. Unless it is some newer hack that gets around it? Not sure
♡ Chaotic ♡ May 22, 2023, 1:30 AM
Originally posted by Nx Machina:

Nope, you gave away ALL your account details including the Steam Guard Mobile code because it requires YOUR interaction.

Feel free to guess my account name, password and the Steam Guard Mobile code, the key to the door.

Note: you need my finger to unlock my phone and to unlock Steam Guard Mobile.

Except no, for the 15th time, i didn't. At absolute best case, they had my 2014 account details which are useless. They wouldn't have my current details because literally everything, From My account Username, my password, my account email, have all changed many times (To different things) from what they were in 2014-2015 which is when those sites were used. They never would have had my authentication codes because i didn't have 2 fac back then. So yeah, no it isn't 3rd party sites from 2014/15 and closed years ago, you're just wrong at this point dude. I never gave any of that stuff out. And again, good for you, need my fingerprint to access to my steam guard as well, and guess ♥♥♥♥♥♥ what, It doesn't mean ♥♥♥♥ because they literally bypassed it in its entirety without my input.

Like you're talking like its impossible for them to just have a farm of bots doing this ♥♥♥♥ 24/7. Because its quite obvious that its a bot doing it, its not the 90s anymore, some dude didn't sit at my computer, hit some keys and started guessing my password, the fact it bypassed 2 fac entirely and was able to list things and approve the listings so fast is proof enough that its not a "human" doing it to begin with.

If you're just gonna keep accusing me of doing something i haven't, all you're gonna get is "Okay Boomer" in response, because you clearly either aren't reading what i'm saying or have the basic understanding of a pair of half eaten apples.
May 23, 2023, 4:46 AM
Originally posted by ♡ Chaotic ♡:
Originally posted by Nx Machina:

Nope, you gave away ALL your account details including the Steam Guard Mobile code because it requires YOUR interaction.

Feel free to guess my account name, password and the Steam Guard Mobile code, the key to the door.

Note: you need my finger to unlock my phone and to unlock Steam Guard Mobile.

Except no, for the 15th time, i didn't. At absolute best case, they had my 2014 account details which are useless. They wouldn't have my current details because literally everything, From My account Username, my password, my account email, have all changed many times (To different things) from what they were in 2014-2015 which is when those sites were used. They never would have had my authentication codes because i didn't have 2 fac back then. So yeah, no it isn't 3rd party sites from 2014/15 and closed years ago, you're just wrong at this point dude. I never gave any of that stuff out. And again, good for you, need my fingerprint to access to my steam guard as well, and guess ♥♥♥♥♥♥ what, It doesn't mean ♥♥♥♥ because they literally bypassed it in its entirety without my input.

Like you're talking like its impossible for them to just have a farm of bots doing this ♥♥♥♥ 24/7. Because its quite obvious that its a bot doing it, its not the 90s anymore, some dude didn't sit at my computer, hit some keys and started guessing my password, the fact it bypassed 2 fac entirely and was able to list things and approve the listings so fast is proof enough that its not a "human" doing it to begin with.

If you're just gonna keep accusing me of doing something i haven't, all you're gonna get is "Okay Boomer" in response, because you clearly either aren't reading what i'm saying or have the basic understanding of a pair of half eaten apples.
If you're trying to claim your account got cracked from bruteforcing, or a table attack, then, well...wouldn't that be on you then?

It wouldn't explain the bypass of the mobile authentication however.

Ten to one, you fell for a phishing scam some months ago and the phisher likely kept authorized on your account either in hiding, or busy with backlog.

Until you manually de-authorize and sign out everything, anything that's been signed into your account remains linked and doesn't need a new Steam Guard code to sign in/access.
Supafly May 23, 2023, 4:59 AM
Originally posted by ♡ Chaotic ♡:
They wouldn't have my current details because literally everything, From My account Username

Username is NOT changeable
Muppet among Puppets May 23, 2023, 7:20 AM
Originally posted by Stabra Kedabra Alakablam:
If you're trying to claim your account got cracked from bruteforcing, or a table attack, then, well...wouldn't that be on you then?
Especially brute force or other database things are not on the user side. So i don't know what you actually wanted to say.

Date Posted: May 21, 2023, 6:29 PM
Posts: 30